Hey, it's been a while since I've gone on this site. I used to come here religiously for months, but then school got in the way. Ultimately, I ended up not taking care of my computer properly when downloading or viewing sites, and had a kind of carefree attitude for a while. Well, bottom line is I think I fucked up my computer somewhere along the way, and that I might have trojans or viruses or RATs...

Here is a copy of my netstat -ano command, that I used to watch what was connecting where and to who...*SideNote* I changed my IP address to the 111.111.1.111 that you see below AND I had literally just restarted my computer, let it boot up and then ran the netstat cmd without opening any programs!

Now the PID process 2052 and 2012 are not located in my task manager and although the 3432 was located (harmless), what does it mean when I can't find the PID? Also, I noticed a lot of the ports that were being LISTENED to are of 49000 or greater, which indicates that a trojan is infected in my computer?

I've been running McAfee and ZoneAlarm but they never find anything .... Can you guys help me decode that netstat cmd and help figure out what's going on? My general impression of it is that someone is spoofing their IP address to fit mine.... Thoughts on any of this?

Run a command prompt as the administrator and run the command 'netstat -abno'; that should tell you the name of the process using the port.

Task manager doesn't normally show all of your programs unless you hit 'show programs from all users'.

To view the process which is doing this using the PID, use the command ' tasklist /FI "PID eq YOURPIDHERE" ' or ' tasklist /FI "PID eq YOURPIDHERE" /SVC ' to see what services are running on that process. Honestly, a quick Google search tells me that it's not always malicious.

Now, your theory on someone spoofing their IP to fit yours seems pretty wrong to me. To spoof your IP, you don't really need to actually root someone else's computer. Although it is simple that way, there are better ways to approach this problem.
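As an added example (not part of the thread), this Python script parses `netstat -ano` text, groups listening sockets by owning PID, marks ports in 49152-65535 (the default dynamic port range on Windows Vista and later), and builds the reply's `tasklist` lookup for each PID. The sample output is constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output. The PIDs 2052, 2012 and 3432 and
# the placeholder address 111.111.1.111 come from the thread; the rest is made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       2052
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2012
  TCP    111.111.1.111:49201    203.0.113.10:443       ESTABLISHED     3432
  TCP    [::]:135               [::]:0                 LISTENING       820
  UDP    0.0.0.0:5355           *:*                                    1300
"""

# Default dynamic (ephemeral) port range on Windows Vista and later.
DYNAMIC_PORTS = range(49152, 65536)

def parse_netstat(text):
    """Yield (proto, local_ip, local_port, state, pid) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column header and blank lines
        ip, port = f[1].rsplit(":", 1)  # rsplit keeps IPv6 "[::]" intact
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        yield f[0], ip, int(port), state, int(f[-1])

def listeners_by_pid(text):
    """Group listening TCP sockets and bound UDP sockets by owning PID."""
    groups = defaultdict(list)
    for proto, ip, port, state, pid in parse_netstat(text):
        if proto == "TCP" and state != "LISTENING":
            continue  # outbound or established connections are not listeners
        scope = "loopback" if ip.startswith("127.") or ip == "[::1]" else "non-loopback"
        kind = "dynamic range" if port in DYNAMIC_PORTS else "fixed port"
        groups[pid].append((proto, port, scope, kind))
    return dict(groups)

def tasklist_commands(pids):
    """Build the tasklist lookup from the reply above, one per PID."""
    return ['tasklist /FI "PID eq %d" /SVC' % pid for pid in sorted(pids)]

if __name__ == "__main__":
    groups = listeners_by_pid(SAMPLE)
    for pid in sorted(groups):
        print(pid, groups[pid])
    print("\n".join(tasklist_commands(groups)))
```

To use it on real data, save the output of `netstat -ano` from an elevated prompt to a file and pass its contents to `listeners_by_pid`.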

I was using the netstat -b command, but I never knew I could combine it with the -ano to view the processes and their PIDs. I seemed to find only programs for like iTunes helper or the web browser, along with maybe a Windows program like mDNSmessenger, nothing out of the ordinary. But occasionally I would find processes that say "Cannot obtain Ownership Information". So I would try and do a tracert on their IP address or hostname (if it was visible but not identifiable), and sometimes I would find out it was just Akamai Technologies or some other benign program. However, I tried the tracert earlier today and the route showed about 11 'jumps' before slowing down, and then started repeating "Request timed out" for each additional jump, which would take even longer than the one before it...

I'm probably just being paranoid about the situation, but I don't understand why I have such a long list for a netstat command. I was looking at examples of other people who have documented their findings online, and they have less than half of what I have, while I'm not even running anything on my desktop and they are.